Is there a good way to handle SSL and non-ssl on the same port, with ssl handled by HAProxy
I can do ex: frontend maybessl bind *:443 bind localhost:1443 ssl crt example.pem acl client_hello req_ssl_hello_type 1 use_backend ssl if client_hello default_backend clear backend ssl server ssl localhost:1443 But then each SSL socket going through the load balancer is making an extra connection to localhost. For my use case, I'm planning to have large numbers of long running connections, so extra sockets and file descriptors is unpleasant. Some way of turning on SSL after the socket started could be helpful for STARTTLS use cases as well (not sure if there's a lot of demand for that though). Thanks, Richard